--- title: Get suppressions affecting a specific rule description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Get suppressions affecting a specific rule{% #get-suppressions-affecting-a-specific-rule %} Copy pageCopied {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id} | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id} | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id} | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id} | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id} | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id} | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id} | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id} | ### Overview Get the list of suppressions that affect a specific existing rule by its ID. OAuth apps require the `security_monitoring_suppressions_read` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Arguments #### Path Parameters | Name | Type | Description | | ------------------------- | ------ | ------------------- | | rule_id [*required*] | string | The ID of the rule. | ### Response {% tab title="200" %} OK {% tab title="Model" %} Response object containing the available suppression rules. | Parent field | Field | Type | Description | | ------------ | -------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data | [object] | A list of suppressions objects. | | data | attributes | object | The attributes of the suppression rule. | | attributes | creation_date | int64 | A Unix millisecond timestamp given the creation date of the suppression rule. | | attributes | creator | object | A user. | | creator | handle | string | The handle of the user. | | creator | name | string | The name of the user. | | attributes | data_exclusion_query | string | An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. | | attributes | description | string | A description for the suppression rule. | | attributes | editable | boolean | Whether the suppression rule is editable. | | attributes | enabled | boolean | Whether the suppression rule is enabled. | | attributes | expiration_date | int64 | A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. | | attributes | name | string | The name of the suppression rule. | | attributes | rule_query | string | The rule query of the suppression rule, with the same syntax as the search bar for detection rules. | | attributes | start_date | int64 | A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. | | attributes | suppression_query | string | The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer. | | attributes | tags | [string] | List of tags associated with the suppression rule. | | attributes | update_date | int64 | A Unix millisecond timestamp given the update date of the suppression rule. | | attributes | updater | object | A user. | | updater | handle | string | The handle of the user. | | updater | name | string | The name of the user. | | attributes | version | int32 | The version of the suppression rule; it starts at 1, and is incremented at each update. | | data | id | string | The ID of the suppression rule. | | data | type | enum | The type of the resource. The value should always be `suppressions`. Allowed enum values: `suppressions` | {% /tab %} {% tab title="Example" %} ```json { "data": [ { "attributes": { "creation_date": "integer", "creator": { "handle": "john.doe@datadoghq.com", "name": "John Doe" }, "data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "editable": true, "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": [ "technique:T1110-brute-force", "source:cloudtrail" ], "update_date": "integer", "updater": { "handle": "john.doe@datadoghq.com", "name": "John Doe" }, "version": 42 }, "id": "3dd-0uc-h1s", "type": "suppressions" } ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not Found {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \# Path parameters export rule_id="CHANGE_ME" \# Curl command curl -X GET "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/${rule_id}" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" ##### ```python """ Get suppressions affecting a specific rule returns "OK" response """ from os import environ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi # there is a valid "security_rule" in the system SECURITY_RULE_ID = environ["SECURITY_RULE_ID"] configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) response = api_instance.get_suppressions_affecting_rule( rule_id=SECURITY_RULE_ID, ) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Get suppressions affecting a specific rule returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new # there is a valid "security_rule" in the system SECURITY_RULE_ID = ENV["SECURITY_RULE_ID"] p api_instance.get_suppressions_affecting_rule(SECURITY_RULE_ID) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```go // Get suppressions affecting a specific rule returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { // there is a valid "security_rule" in the system SecurityRuleID := os.Getenv("SECURITY_RULE_ID") ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.GetSuppressionsAffectingRule(ctx, SecurityRuleID) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSuppressionsAffectingRule`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSuppressionsAffectingRule`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Get suppressions affecting a specific rule returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionsResponse; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); // there is a valid "security_rule" in the system String SECURITY_RULE_ID = System.getenv("SECURITY_RULE_ID"); try { SecurityMonitoringSuppressionsResponse result = apiInstance.getSuppressionsAffectingRule(SECURITY_RULE_ID); System.out.println(result); } catch (ApiException e) { System.err.println( "Exception when calling SecurityMonitoringApi#getSuppressionsAffectingRule"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```rust // Get suppressions affecting a specific rule returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; #[tokio::main] async fn main() { // there is a valid "security_rule" in the system let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap(); let configuration = datadog::Configuration::new(); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api .get_suppressions_affecting_rule(security_rule_id.clone()) .await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Get suppressions affecting a specific rule returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.SecurityMonitoringApi(configuration); // there is a valid "security_rule" in the system const SECURITY_RULE_ID = process.env.SECURITY_RULE_ID as string; const params: v2.SecurityMonitoringApiGetSuppressionsAffectingRuleRequest = { ruleId: SECURITY_RULE_ID, }; apiInstance .getSuppressionsAffectingRule(params) .then((data: v2.SecurityMonitoringSuppressionsResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}